Junos JPPPD Denial Of Service Vulnerability Network Vulnerability

Summary

Junos OS is prone to a DoS vulnerability in JPPPD.

Impact

Everytime a crafted PAP authentication request is sent, the Juniper PPP daemon will crash, leading to a denial of service condition.

Solution

New builds of Junos OS software are available from Juniper. As a workaround discontinue PAP authentication for PPP subscribers.

Insight

Using PPP authentication with a specifically crafted PAP Authenticate-Request may cause the Juniper PPP daemon (jpppd) to crash and restart. After PPPoE Discovery and LCP phase is successfully negotiated, when the crafted PAP Authenticate-Request is received, jpppd crashes and no response is sent by the broadband edge router to the subscriber.

Affected

Junos OS 13.3, 14.1 and 14.2

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10665

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6382
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Junos Buffer Overflow when Processing HTTP Messages
Junos GNU libc GLOB_LIMIT DoS Vulnerability
Junos Denial of Service Vulnerability in Flow Daemon
Junos RSVP Denial of Service Vulnerability
Junos BGP UPDATE Denial of Service Vulnerability

Junos JPPPD Denial of Service Vulnerability

Take action and discover your vulnerabilities